Hi,

A recent report to the security team redrew my attention to this bug, assigned to the TC for a while now, about the staff group being root-equivalent. As we're at the start of a release cycle, in my opinion now would be a good moment to resolve it. My view on it follows.

Firstly, I think it violates the principle of least surprise. This is not the first and probably not the last time someone accidentally discovers that the staff group has root-equivalent semantics. This is not obvious, and there's scarce documentation about the fact that this group implies root and is hence very different from many other groups on the system. Such a property should not come as a surprise.

Meanwhile, this is just one way to implement differentiation between junior and senior sysadmins. There are many others, a notable one being the use of "sudo". The specifics of group staff may not fit your setup: perhaps another group from LDAP is used to decide on this difference, or there are other needs than writing /usr/local specifically. I have no evidence that this feature is in common enough use that would support it being the default.

There are the problems with the approach which have been cited earlier in this bug and those linked from it; especially #299007 has some discussion and has the support of a number of DDs for changing this.

Should you need the functionality, it's of course trivial to recreate the situation (you need to take some action anyway to make use of it).

thanks,
Thijs
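The property discussed in the message above is that membership of group staff grants write access to /usr/local, which is what makes the group root-equivalent. The following is an added example, not part of the original message or of Debian's own tooling: a small audit that lists the directories under a tree that a given group can write to, a remediation that revokes that group write access, and a demonstration on a constructed temporary tree. The group name, the tree root and the constructed directory layout are assumptions; on a real system the audit would be run against /usr/local with the group staff, and the remediation as root.

```shell
#!/bin/sh
# Added example (not from the original message): audit a directory tree for
# directories that a given group can write to, and revoke that access.
# The group, the tree root and the demo layout below are assumptions.
set -eu

# List directories under $2 that are owned by group $1 and group-writable.
# One path per line, sorted; prints nothing when the tree grants no access.
group_writable_dirs() {
    group="$1"; root="$2"
    find "$root" -type d -group "$group" -perm -g=w 2>/dev/null | sort
}

# Number of such directories; 0 means the group cannot write anywhere in the tree.
count_group_writable_dirs() {
    group_writable_dirs "$1" "$2" | wc -l | tr -d ' '
}

# Remediation: strip the group write bit from every matching directory.
# On a real /usr/local this needs root; here it only needs to own the test tree.
revoke_group_write() {
    group_writable_dirs "$1" "$2" | while IFS= read -r d; do
        chmod g-w "$d"
    done
}

# Self-contained demonstration on a constructed tree standing in for /usr/local.
# Uses the caller's primary group in place of staff, since staff may not exist.
# Prints "<dirs writable before> <dirs writable after>".
demo() {
    tmp=$(mktemp -d)
    grp=$(id -gn)
    mkdir -p "$tmp/local/bin" "$tmp/local/lib" "$tmp/local/share"
    chgrp "$grp" "$tmp/local" "$tmp/local/bin" "$tmp/local/lib" "$tmp/local/share"
    # Two directories deliberately left group-writable, the rest not.
    chmod g+w "$tmp/local/bin" "$tmp/local/lib"
    chmod g-w "$tmp/local" "$tmp/local/share"
    before=$(count_group_writable_dirs "$grp" "$tmp/local")
    revoke_group_write "$grp" "$tmp/local"
    after=$(count_group_writable_dirs "$grp" "$tmp/local")
    rm -rf "$tmp"
    echo "$before $after"
}
```

Running `demo` on the constructed tree reports two group-writable directories before remediation and none afterwards. For the sudo-based differentiation the message mentions as an alternative, the same audit is the useful check afterwards: once the senior-admin group is granted specific commands through sudoers rather than group ownership of /usr/local, the tree should report no group-writable directories at all.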